Top Tips For Preparing and Passing The CISSP Exam

Insights, tips and tricks from a CISSP for putting your best foot forward


Below is part of an article written for, which is no longer available, describing the top 10 tips to help people study for and pass the CISSP certification exam. Excerpted from with permission.

The Certified Information Systems Security Professional (CISSP) certification from The International Information Systems Security Certification Consortium [(ISC)2] is arguably the most sought-after and widely accepted certification in the information security industry. It’s become established as the standard baseline for demonstrating knowledge and proving expertise in this sphere.

Compared with most other technical certification exams, the CISSP exam is quite long. Passing the test requires not only the prerequisite knowledge to answer the questions correctly, but the stamina and mental fortitude to get through the six-hour, 250-question paper-based exam. For an information security professional, preparing for the CISSP exam is a little bit like a runner preparing to race in a marathon.

Don’t fret, though. It can be done. There are plenty of CISSPs out there in the world as proof that you can pass the exam. Here are 10 tips we recommend to prepare for this challenge and give yourself the best possible chance of success.

Hands-On Experience

One of the requirements for being awarded the CISSP certification is a certain amount of time in the industry and hands-on experience: three to four years of full-time work, depending on your educational background. Even if it wasn’t a requirement, hands-on experience is a valuable means of learning about computer security.

If you don’t have three to four years of experience, that doesn’t mean you can’t sit the CISSP exam. (ISC)2 will allow those who pass the exam without meeting the experience requirements to become Associates of (ISC)2, and then award them the CISSP title after the experience requirement has been met.

Many people simply learn and retain information better when they actually do it instead of just reading about it. You can listen to seminars and read books about various aspects of information security, but until you do it yourself and experience it firsthand, it’s just theory. In most cases, nothing teaches faster than actually doing it and learning from your own mistakes.

Another way to get hands-on experience, especially in areas you’re not currently focused on at work, is to set up your own minilab. Use old or virtual computers to experiment with different operating systems and security configurations.

Begin Studying in Advance

The CISSP certification demonstrates that you know a little bit about a lot of different information security topics. Even if you work in the information security industry, odds are that you don’t focus on all 10 core bodies of knowledge (CBKs), or subject matter areas covered by the CISSP, on a day-to-day basis. You may be expert in one or two areas, and very familiar with a handful more, but there are probably at least one or two CBKs that you’ll almost have to teach yourself from scratch to pass the examination.

Don’t expect to start studying the week before your exam and think you can pick up enough about subjects you’re not familiar with to pass. The scope of the information covered is huge, and you’ll need to study and learn it over a long period of time, so don’t expect to just cram the night before. You should start studying at least three months before your exam date and draw up a schedule for yourself to ensure you dedicate at least an hour or two a day to studying. It’s not unheard of for CISSP candidates to begin preparing six to nine months out.

Use a Study Guide, or More Than One

There are a number of excellent books you can use to help you prepare for and pass the CISSP exam. Study guides and exam preparation books can help boil down the mass of information and assist you in keying in on the critical components you need to remember to pass the exam.

The sheer volume of information covered in the exam makes it difficult, if not impossible, to learn about everything in depth. Rather than trying to learn in a vacuum, so to speak, and not knowing which components of a given subject area are truly important, check out some CISSP exam guides. These can help you key in on the specific information within the CBKs that matters most for passing the exam.

CISSP preparation books will certainly not make you an expert in subjects you’re not already an expert in. But for the subject areas you know little or nothing about, a CISSP book, such as the “CISSP All-In-One Exam Guide” by Shon Harris, provides you with clues and guidance about which information from those subjects matters most when it comes to passing the exam.